There is no such thing as a vacation for cybercriminals. We recently released our top summer cybersecurity travel tips to help keep you safe. Earlier this year, we posted about travel-themed phishing attacks, and Forbes just posted a great reminder about the dangers of sharing your boarding pass on social media. Read below for their advice.

Newly-released research reveals the eye-watering costs that the manufacturing sector has suffered in recent years at the hands of ransomware. The analysis, by Comparitech, looked at 478 confirmed ransomware attacks on manufacturing companies between 2018 and July 2023, in an attempt to determine their true cost.

State-sponsored threat actors continue to exploit legitimate cloud services, and especially one group, the Russian APT29 (also known as Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, and formerly Nobelium), seems to be particularly active. Between March and May 2023, security researchers at Recorded Future’s Insikt Group have unearthed a cyber espionage campaign by the same threat actor allegedly targeting government-sector entities in Europe with interest in Ukraine.

The role of the CISO is expanding alongside the growing adoption of digital technologies, which has resulted in a faster and more interconnected workforce. The dynamic and evolving nature of cyber threats is posing challenges for security teams in terms of visibility and expertise required to defend against them.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies. These regulations create new obligations for reporting material cybersecurity incidents and disclosing critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

Washington’s My Health My Data Act (MHMD Act) regulates businesses and service providers that process or collect consumer health data from state residents. The act’s broad definition of “health data” carries compliance implications for a wide range of entities, including many that fall outside the scope of the Health Insurance Portability and Accountability Act (HIPAA).

Trustwave SpiderLabs discovered a new version of the Rilide Stealer extension targeting Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera. This malware uses a creative way to work around the Chrome Extension Manifest V3 from Google which is aimed at blocking the installation of malicious extensions for chromium browsers.

The microservices architecture provides developers and DevOps engineers significant agility that helps them move at the pace of the business. Breaking monolithic applications into smaller components accelerates development, streamlines scaling, and improves fault isolation. However, it also introduces certain security complexities since microservices frequently engage in inter-service communications, primarily through HTTP-based APIs, thus broadening the application’s attack surface.